diff --git a/traefik/.env b/traefik/.env new file mode 100644 index 0000000..d8f17fd --- /dev/null +++ b/traefik/.env @@ -0,0 +1,2 @@ +CF_API_EMAIL=email_goes_here +CF_DNS_API_TOKEN=token_goes_here diff --git a/traefik/config/acme.json b/traefik/config/acme.json new file mode 100644 index 0000000..e69de29 diff --git a/traefik/config/dynamic.yaml b/traefik/config/dynamic.yaml new file mode 100644 index 0000000..b32ebdb --- /dev/null +++ b/traefik/config/dynamic.yaml @@ -0,0 +1,22 @@ +http: + middlewares: + authelia: + forwardAuth: + address: "http://authelia:9091/api/verify?rd=https://authelia.meftimes.com" + user-auth: + basicAuth: + users: + - "admin:{SHA}XIaqHrLff+jBeOIUMhwcdUxMxjA=" + +tls: + options: + default: + minVersion: "VersionTLS12" + cipherSuites: + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + - TLS_RSA_WITH_AES_256_GCM_SHA384 + - TLS_RSA_WITH_AES_256_CBC_SHA diff --git a/traefik/config/traefik.yaml b/traefik/config/traefik.yaml new file mode 100644 index 0000000..8211674 --- /dev/null +++ b/traefik/config/traefik.yaml @@ -0,0 +1,41 @@ +api: + dashboard: true + +entryPoints: + web: + address: :80 + http: + redirections: + entryPoint: + to: websecure + scheme: https + permanent: true + + websecure: + address: :443 + http: + tls: + certResolver: letsencrypt + domains: + - main: meftimes.com + sans: + - "*.meftimes.com" + +providers: + docker: + endpoint: "unix:///var/run/docker.sock" + exposedByDefault: false + watch: true + network: proxy + #defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.meftimes.com`)" # would be nice to get working + file: + filename: /config/dynamic.yaml + +certificatesResolvers: + letsencrypt: + acme: + email: all.other@slmail.me + storage: acme.json + keyType: EC384 + dnsChallenge: + provider: cloudflare diff --git a/traefik/traefik.yml b/traefik/traefik.yml new file mode 100644 index 0000000..0591e85 --- /dev/null +++ b/traefik/traefik.yml @@ -0,0 +1,35 @@ +version: "3" + +services: + traefik: + image: traefik:latest + container_name: traefik + restart: unless-stopped + env_file: + - .env + security_opt: + - no-new-privileges:true + networks: + - proxy + - monitoring + ports: + - 80:80 + - 443:443 + volumes: + - /etc/localtime:/etc/localtime:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./config/traefik.yaml:/traefik.yml:ro + - ./config/acme.json:/acme.json + - ./config:/config + labels: + - "traefik.enable=true" + - "traefik.http.routers.traefik.entrypoints=websecure" + - "traefik.http.routers.traefik.rule=Host(`traefik.meftimes.com`)" + - "traefik.http.routers.traefik.middlewares=authelia@docker" + - "traefik.http.routers.traefik.service=api@internal" + +networks: + proxy: + external: true + monitoring: + external: true